Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Dutch cybersecurity experts warning companies about global ransomware attack
April 28, 2024
Dutch cybersecurity companies have issued warnings to thousands of companies about a global ransomware attack. The attackers, known as the Cactus Gang, are from Eastern Europe and have been active since the end of last year. The cybercriminals managed to penetrate the security systems of 122 companies, and at least 10 of those are in the ...
- Kansas City SCOUT cameras, highway message boards ‘down until further notice’, officials blame cyber attack
April 25, 2024
The traffic cameras, tracking systems and message boards used by many throughout the Kansas City metro area are down until further notice due to what officials are calling a cyber attack. Officials with the Kansas City Scout system said early this morning all SCOUT systems went down until further notice. This included the KC SCOUT website, ...
- Why tourists are particularly vulnerable to cyber attacks
April 25, 2024
Travelling abroad always comes with the potential risk of cybercrime threats including spoofing, phishing attacks, catfishing, fraudulent links and calls, spamming, etc. These travel risks are more for tourists who are generally travelling to a new country for the first time or are alone. They don’t know much about the native language of the new place ...
- United Nations investigating potential ransomware attack after data ripped from IT systems
April 23, 2024
Hackers managed to break into the United Nations Development Programme (UNDP) IT systems in Copenhagen, stealing a wide range of sensitive data. Ransomware gang 8Base has claimed responsibility, posting on its own website that the group had managed to get its hands on employment contracts, personal data, invoices and much more Read more… Source: MSN News Sign up for ...
- Are We Ready for a Cyber Attack on Food and Farming?
April 23, 2024
Federal officials and lawmakers are preparing to defend against cyber attacks that would leave residents without reliable access to food by targeting the food and agriculture sectors. The latest preparation effort is Cyber Storm — a massive, multiday tabletop exercise involving state, local, tribal, territorial, federal and private-sector organizations — and it probed how well participants ...
- Androxgh0st malware ramps up global attacks
April 22, 2024
More than 600 servers worldwide have been subjected to recent attacks with the Androxgh0st malware, reports Hackread. The U.S., India, and Taiwan accounted for the bulk of the impacted servers, which were compromised by Androxgh0st malware operators through web shells deployed via the exploitation of several security vulnerabilities, including CVE-2019-2725, CVE-2021-3129, and CVE-2024-1709, a report from ...